Method and system for providing end-to-end security solutions to aid protocol acceleration over networks using selective layer encryption

Abstract

The present invention is a method, system, and computer program that provides secure network communication over a network between a first and a second entity wherein data packets are encrypted and transmitted according to previously exchanged encryption command information and wherein TCP accelerators may be used to effectively accelerate the transmission of the data packets. A method, system, and computer program are also shown that provide secure network communication through encrypting a plurality of payloads and embedding encryption command information for each encrypted payload into an options field of a corresponding protocol header while still allowing TCP accelerators to read the protocol headers and effectively accelerate the transmission of the payloads.

Description

CROSS-REFERENCE TO RELATED APPLICATION[0001]This application claims the benefit of U.S. Provisional Application No. 60 / 547,587, entitled METHOD FOR PROVIDING END-TO-END SECURITY SOLUTIONS OVER SATELLITE NETWORKS USING SELECTIVE LAYER ENCRYPTION, filed Feb. 26, 2004, the entire disclosure of which is incorporated herein by reference.FIELD OF THE INVENTION[0002]The present invention generally relates to satellite networks and other communications media that display high latency, and more particularly to methods for securing end-to-end virtual private network communication across any such high-latency networks.BACKGROUND OF THE INVENTION[0003]Any transmission medium or network requires a finite time to carry a message from source to destination. The speed of light over a direct path determines the theoretical minimum transmission time. Also, all transmission equipment introduce additional delay, called latency. For example, although satellite networks have advantages such as permitting...

AI Technical Summary

Benefits of technology

[0020]Accordingly, there exists a significant need for a ful

Problems solved by technology

Also, all transmission equipment introduce additional delay, called latency.

For example, although satellite networks have advantages such as permitting telecommunication across any distance without laying ground lines, the distance between the ground and the satellite introduces significant transmission delay.

As another example, cellular wireless networks contain many packet switches, each of which introduces some latency; the cumulative delay can exceed that of a satellite link.

As a result of the distance traveled by transmissions from one node (e.g., a ground station) to another node via a satellite, significant transmission delays may be incurred.

Such delay causes certain performance issues for voice applications.

For example, problems such as “conversation collisions” occur wherein both parties start talking at the same time because neither can hear that the other party is also talking.

Data protocols within satellite and other high-latency networks also face problems with long delays.

Two problems in particular handicap the use of satellite networks for data applications: throughput limitation and partial security.

Throughput limitation refers to the fact that Transmission Control Protocol (TCP) sending devices (among many devices that transmit data packets) cannot transmit at rates in excess of the rates at which the receiver device can acknowledge receipt of the packets.

However, in a satellite network, the inherent delay caused by long-distance transmission results in each sending TCP device being required to wait idle for each acknowledgement.

In practice, this forced wait limits the average transmission speed to approximately 130 kbit/s, regardless of the channel bandwidth of the satel

Images